
Yet another Intel CPU security vulnerability!

All that matters security-wise is that the RIDL attack exists. You then plan how to close the hole. You don't go, "I need to win a forum debate about HT, so I will create sophistry about doing nothing." One of the attacks steals your location from your web browser while you are browsing using the Tor network (https://www.torproject.org/). In the right country, that's your life on the line.

Yes, you try to understand these attacks and plan. These kinds of exploits are serious enough to warrant disabling HT in a shared hosting environment, but that isn't why I'm talking about that passwd example. The point is that even you are slowly admitting that, in the real world, the example they presented has severe obstacles that they haven't gone into details on in the whitepaper. I'm using that as an example that there are also factors like this in their other examples which need to be understood in the light of the security situation, with the real-world result being that for the average consumer desktop, by the time an attacker gets to using these exploits it is already too late, and doing things like disabling HT in the appropriate environment doesn't provide adequate security mitigation if your system is compromised enough for them to use these attacks.

BTW, Vince is someone who has many, many times on these forums demonstrated that they have hands-on experience with these matters at a level way above that of the layman, with all the proof in posts around these forums, so attacking his input by claiming he is a child is pretty LOL.
 
Of course you are confused. They call it Defense in Depth.

Defense in Depth (DiD) is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack.
Thanks for the copy and paste from literally the first hit on Google. You have really demonstrated your security expertise.
 
Yes, you try to understand these attacks and plan. These kinds of exploits are serious enough to warrant disabling HT in a shared hosting environment, but that isn't why I'm talking about that passwd example. The point is that even you are slowly admitting that, in the real world, the example they presented has severe obstacles that they haven't gone into details on in the whitepaper. I'm using that as an example that there are also factors like this in their other examples which need to be understood in the light of the security situation, with the real-world result being that for the average consumer desktop, by the time an attacker gets to using these exploits it is already too late, and doing things like disabling HT in the appropriate environment doesn't provide adequate security mitigation if your system is compromised enough for them to use these attacks.

BTW, Vince is someone who has many, many times on these forums demonstrated that they have hands-on experience with these matters at a level way above that of the layman, with all the proof in posts around these forums, so attacking his input by claiming he is a child is pretty LOL.

The Tor attack shows that you can steal the location of the victim from their browser while they use a VPN. They can steal the history of the websites you visit. Useful for the worst governments on earth.
The hash attack should now have admins changing passwords every 24 hours.
Software companies will have to spend billions mitigating all these security holes in their software. This is basically as bad as it gets.

Even so, turning off HT does not fix the issue; you have a performance-costing patch to add as well, which is added to the 40% you lose to HT off and the 28% you have already lost.
 
Thanks for the copy and paste from literally the first hit on Google. You have really demonstrated your security expertise.

More than you have, funny enough; at least I have found Google. The only way to do an IT job. YouTube is great as well... but it's part of Google now.
 
Yes, you try to understand these attacks and plan. These kinds of exploits are serious enough to warrant disabling HT in a shared hosting environment, but that isn't why I'm talking about that passwd example. The point is that even you are slowly admitting that, in the real world, the example they presented has severe obstacles that they haven't gone into details on in the whitepaper. I'm using that as an example that there are also factors like this in their other examples which need to be understood in the light of the security situation, with the real-world result being that for the average consumer desktop, by the time an attacker gets to using these exploits it is already too late, and doing things like disabling HT in the appropriate environment doesn't provide adequate security mitigation if your system is compromised enough for them to use these attacks.

BTW, Vince is someone who has many, many times on these forums demonstrated that they have hands-on experience with these matters at a level way above that of the layman, with all the proof in posts around these forums, so attacking his input by claiming he is a child is pretty LOL.

I don't even know what I'm doing here but feel compelled to say at least something. I think now I'm just going to go and play with my new servers! The SD cards have arrived so it's time to get hands-on with Rome :) - Bolstering that security, yo!
 
The Tor attack shows that you can steal the location of the victim from their browser while they use a VPN. They can steal the history of the websites you visit. Useful for the worst governments on earth.
The hash attack should now have admins changing passwords every 24 hours.
Software companies will have to spend billions mitigating all these security holes in their software. This is basically as bad as it gets.

Even so, turning off HT does not fix the issue; you have a performance-costing patch to add as well.

Which shows you haven't understood anything I've said.

The hash attack is a proof of concept which can't work in a properly set-up environment due to mitigations normally in play, which again is the reason I highlight it: it isn't about that attack itself but the fact that there are factors like that, which aren't in the whitepaper, which need to be understood for all these attacks in evaluating where you need to take precautions against them.

I don't even know what I'm doing here but feel compelled to say at least something. I think now I'm just going to go and play with my new servers! The SD cards have arrived so it's time to get hands-on with Rome :) - Bolstering that security, yo!

I'd say I was jealous but I really wouldn't want the responsibility of running these systems in this day and age!
 
The Tor attack shows that you can steal the location of the victim from their browser while they use a VPN. They can steal the history of the websites you visit. Useful for the worst governments on earth.
Yes, it absolutely can do this. IF you are running the attack code on the same machine as the victim. In the case of the proof of concept video, they are running the executable on the exact same physical core as the web browser.
 
In the right country, that's your life on the line

Which goes back to my original comment: if you are concerned enough that you'd consider disabling HT, then you really should be seriously thinking about moving away from Intel. Meanwhile, in the real world as things stand, for an attacker to get to the point where they can leverage the weaknesses exposed by having HT on with the average consumer desktop, your security is already compromised, so turning HT on or off doesn't materially change your security situation. Unlike a shared hosting environment, etc., where a would-be attacker potentially already has one foot in the door and can use these exploits to snoop outside of security boundaries they normally couldn't. There is a reason why the JS example was done on the same system against a specially crafted target process rather than showing off an intrusion through a standard browser into either privileged browser space or an arbitrary victim process, etc.; part of that being that the buffer they are exploiting is so small you really need to know what you are looking for already and be able to filter out the vast amounts of noise in a real environment, which generally means these attacks have to do things like repeatedly invoking the same process so as to have as many chances as possible of seeing relevant data in the buffer.

As many security professionals have said, these side-channel attacks are more suited to manual hacking of things like businesses and infrastructure and are not particularly useful in common malware.
 
Yes, it absolutely can do this. IF you are running the attack code on the same machine as the victim. In the case of the proof of concept video, they are running the executable on the exact same physical core as the web browser.

It runs in JavaScript. Your browser can run JavaScript. The code always runs on the victim's machine; it has to. So what's your point? None, when you think about it. If you want to run HT, just enable it. If you want to follow the experts, then turn it off. As a gamer, you most likely want the performance; that is likely true. The issue is what it is. It comes down to if you care, really.
 
It runs in JavaScript. Your browser can run JavaScript. The code always runs on the victim's machine; it has to. So what's your point? None, when you think about it.
Nope. The Tor browser proof of concept uses ZombieLoad and requires an executable. You can download the source in their Git. Note that there is no JavaScript in the repo.
https://github.com/IAIK/ZombieLoad
 
Nope. The Tor browser proof of concept uses ZombieLoad and requires an executable. You can download the source in their Git. Note that there is no JavaScript in the repo.
https://github.com/IAIK/ZombieLoad

There was me talking about RIDL for 99% of all my forum posts. It's not like I posted the source code from GitHub. Funny enough, I believe I posted the JavaScript one. You can look back over this mess and find it.
 
There was me talking about RIDL for 99% of all my forum posts. It's not like I posted the source code from GitHub. Funny enough, I believe I posted the JavaScript one. You can look back over this mess and find it.
Yeah, the JavaScript demo is RIDL and doesn't use a standard browser; we've already covered that in great depth. Completely different to the Tor browser demo. Just another example of you mixing things up.
 
There was me talking about RIDL for 99% of all my forum posts. It's not like I posted the source code from GitHub. Funny enough, I believe I posted the JavaScript one. You can look back over this mess and find it.

Where did you link to the source for those examples? I've only seen you link to the GitHub for the tool you can use to check if you are running a CPU which has architecture weaknesses to these side-channel attacks.

I find the readme for their tool kind of ironic:

"Q) Can I run this in a VM?

This program relies on the cpuid instruction, which may report the wrong information in a VM. Make sure to run this on the actual hardware without virtualization."

Yeah, couldn't be using a side-channel exploit to snoop the machine ID from within a VM now, hehe.
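Added example, my own and not code from the thread, the RIDL paper or the checker tool linked above: a POSIX shell checker for the question being argued over (is HT off enough, is the patch enough, what can a VM tell you). It reads the three interfaces the Linux kernel actually exposes for this on x86: the mds file under /sys/devices/system/cpu/vulnerabilities, the runtime SMT switch /sys/devices/system/cpu/smt/control, and the flags line of /proc/cpuinfo (md_clear appears once the updated microcode is loaded, hypervisor when you are a guest). The verdict tokens and function names are my own; the status strings in the usage notes are constructed to match the kernel's documented wording.

```shell
#!/bin/sh
# Added example (not from the thread or the RIDL/ZombieLoad authors).
# Classifies a Linux host's MDS (RIDL/ZombieLoad) posture from three kernel
# interfaces: /sys/devices/system/cpu/vulnerabilities/mds,
# /sys/devices/system/cpu/smt/control and the "flags" line of /proc/cpuinfo.
# The rule it encodes: SMT off alone is not a fix and microcode alone is not
# a fix; you need buffer clearing (microcode + kernel) AND SMT off, and a
# guest cannot vouch for the host's SMT state at all.

# mds_verdict MDS_STATUS SMT_CONTROL CPUINFO_FLAGS
# Prints one token and returns 0 only when the host is actually covered.
mds_verdict() {
    mds="$1" smt="$2" flags="$3"

    case "$mds" in
        "Not affected"*) echo not-affected; return 0 ;;
    esac

    # Is buffer clearing active?  Only the kernel's own string proves it;
    # "md_clear" in cpuinfo shows the microcode is loaded, not that the
    # kernel uses it (mds=off on the command line leaves it idle).
    case "$mds" in
        "Mitigation: Clear CPU buffers"*) ;;
        *"no microcode"*) echo vulnerable-no-microcode; return 1 ;;
        *)  case " $flags " in
                *" md_clear "*) echo vulnerable-mitigation-off; return 1 ;;
                *)              echo vulnerable-no-microcode;   return 1 ;;
            esac ;;
    esac

    # Inside a VM the guest's cpuid is whatever the hypervisor shows it
    # (the same caveat the checker tool's README gives) and the host's SMT
    # state is invisible.  Never report "covered" from a guest.
    case " $flags " in *" hypervisor "*) echo vm-host-smt-unknown; return 1 ;; esac
    case "$mds" in *"Host state unknown"*) echo vm-host-smt-unknown; return 1 ;; esac

    # SMT: prefer the runtime switch, fall back to the kernel's suffix.
    case "$smt" in
        off|forceoff|notsupported) echo mitigated-smt-off; return 0 ;;
        on)                        echo mitigated-smt-on;  return 1 ;;
        *)  case "$mds" in
                *"SMT disabled"*) echo mitigated-smt-off; return 0 ;;
                *)                echo mitigated-smt-on;  return 1 ;;
            esac ;;
    esac
}

# Live check against the running kernel (x86, 5.1+ or a distro backport).
mds_live_check() {
    vuln=/sys/devices/system/cpu/vulnerabilities/mds
    ctl=/sys/devices/system/cpu/smt/control
    if [ ! -r "$vuln" ]; then
        echo "no $vuln: kernel without MDS reporting, or not x86"; return 2
    fi
    mds_verdict "$(cat "$vuln")" \
                "$(cat "$ctl" 2>/dev/null || echo unknown)" \
                "$(awk -F: '/^flags/ { print $2; exit }' /proc/cpuinfo)"
}

# Turning SMT off is a runtime switch, no reboot needed; make it stick with
# mds=full,nosmt (or nosmt) on the kernel command line.
smt_off_now() { echo off > /sys/devices/system/cpu/smt/control; }

# "sh mds-check.sh live" runs against the local box; sourcing only defines
# the functions so they can be fed constructed strings.
if [ "${1:-}" = live ]; then mds_live_check; fi
```

Feeding it the kernel's documented strings shows the two halves of the argument above: "Mitigation: Clear CPU buffers; SMT vulnerable" with the switch on yields mitigated-smt-on (patched, HT still open), while "Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled" yields vulnerable-no-microcode (HT off, still unpatched). Only when both are in place does it return 0, and a guest with the hypervisor flag never does.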
 
Where did you link to the source for those examples? I've only seen you link to the GitHub for the tool you can use to check if you are running a CPU which has architecture weaknesses to these side-channel attacks.

I find the readme for their tool kind of ironic:

"Q) Can I run this in a VM?

This program relies on the cpuid instruction, which may report the wrong information in a VM. Make sure to run this on the actual hardware without virtualization."

Yeah, couldn't be using a side-channel exploit to snoop the machine ID from within a VM now, hehe.

They are all in the same post, so you followed the links for all of them until you found something you wanted to make out was wrong? Wait, I get it, I should contact the dark web and get you the latest hacking tools from hacking-r-us. Let me open my bitcoin wallet. That way you can have the most all-singing, all-dancing tools to do all the attacks. So you can at last finally accept the advice of people with PhDs, who did the research and advise turning off HT. Maybe we will argue about your unrealistic burden of proof for another ten forum pages.
 
They are all in the same post, so you followed the links for all of them until you found something you wanted to make out was wrong? Wait, I get it, I should contact the dark web and get you the latest hacking tools from hacking-r-us. Let me open my bitcoin wallet. That way you can have the most all-singing, all-dancing tools to do all the attacks. So you can at last finally accept the advice of people with PhDs, who did the research and advise turning off HT. Maybe we will argue about your unrealistic burden of proof for another ten forum pages.

I assume you mean this post? https://forums.overclockers.co.uk/posts/33026029 Before running your mouth, you might want to point out where there is a GitHub link to the source code for the JavaScript exploit, etc.

One day you might realise that nothing I'm saying conflicts with the advice of those professionals; I am only interpreting it at greater depth than the more generic advisories they put out to cover their own backs, as they can't take into account every specific set of circumstances.
 
I assume you mean this post? https://forums.overclockers.co.uk/posts/33026029 Before running your mouth, you might want to point out where there is a GitHub link to the source code for the JavaScript exploit, etc.

One day you might realise that nothing I'm saying conflicts with the advice of those professionals; I am only interpreting it at greater depth than the more generic advisories they put out to cover their own backs, as they can't take into account every specific set of circumstances.

So have you turned off HT? If the link is not there, search GitHub. What am I, your maid?
 
So have you turned off HT? If the link is not there, search GitHub. What am I, your maid?

You claimed the link was there, then trashed me for not following it... it isn't the RIDL source, only a tool for checking which vulnerabilities a system might be weak to, and it contains no exploit code. At the very least you owe me an apology.

Such things exist, you moron. https://www.nytimes.com/2019/05/06/us/politics/china-hacking-cyber.html

How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks

He never said such malware doesn't exist; things like EternalBlue prove that. He pointed out that you are using selective snippets from different areas, often taking information out of context and poorly understood, and ramming them together to try and make the appearance of such, erroneously.
 